Who is the assignee on this patent?

Ohare Mark S, Orsini Rick L, Davenport Roger S, and 2 more

What technology area does this patent fall under?

Primary CPC classification G06F21/606. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Apr 03 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).

Secure data parser method and system

US9935923B2 · US · B2

Patent metadata
Field	Value
Publication number	US-9935923-B2
Application number	US-201213371364-A
Country	US
Kind code	B2
Filing date	Feb 10, 2012
Priority date	Oct 25, 2004
Publication date	Apr 3, 2018
Grant date	Apr 3, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

First claim

Opening claim text (preview).

What is claimed is: 1. A method for securing a data set, the method steps implemented by a programmed computer system, the method steps comprising: encrypting the data set based on an encryption key to produce an encrypted data set; transforming the encryption key using an all-or-nothing transform to produce a transformed encryption key; generating data splitting information, wherein the data splitting information is usable to randomly or pseudo-randomly determine: into which of a plurality of shares of data a unit of data of the encrypted data set will be placed, and a position of the unit of data within its respective share of data; separating the encrypted data set into the plurality of shares based on the data splitting information; including in the plurality of shares data indicative of the transformed encryption key; and causing the plurality of shares to be stored in respective separate storage locations; wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares. 2. The method of claim 1 wherein the step of separating the encrypted data into the plurality of shares comprises causing a plurality of data units in each of the shares to be rearranged relative to one another. 3. The method of claim 1 , wherein the step of storing the shares in respective separate storage locations comprises storing the shares on at least two separate storage devices. 4. The method of claim 1 , further comprising the steps of: creating integrity information based on the data set; and including in the plurality of shares data indicative of the integrity information. 5. The method of claim 1 , further comprising the steps of: creating hash information based on a hash operation using the data set; and including in the plurality of shares data indicative of the hash information. 6. The method of claim 1 , wherein the step of including data indicative of the encryption key comprises: encrypting the transformed encryption key with a second key to produce an encrypted transformed encryption key; and including in the plurality of shares data indicative of the encrypted transformed encryption key. 7. The method of claim 6 further comprising the method step of storing the second key outside of the plurality of shares, wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares, and the second key. 8. The method of claim 1 wherein the all-or-nothing transform is a full-package transform. 9. A non-transitory computer readable medium storing computer executable instructions that, when executed by at least one processor, cause a computer system to carry out a method for securing a data set, the method comprising the steps: encrypting the data set based on an encryption key to produce an encrypted data set; transforming the encryption key using an all-or-nothing transform to produce a transformed encryption key; generating data splitting information, wherein the data splitting information is usable to randomly or pseudo-randomly determine: into which of a plurality of shares of data a unit of data of the encrypted data set will be placed, and a position of the unit of data within its respective share of data; separating the encrypted data set into the plurality of shares based on the data splitting information; including in the plurality of shares data indicative of the transformed encryption key; and causing the plurality of shares to be stored in respective separate storage locations; wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares. 10. The non-transitory computer readable medium of claim 9 , wherein the step of separating the encrypted data into the plurality of shares comprises causing a plurality of data units of the encrypted data set to be rearranged relative to one another. 11. The non-transitory computer readable medium of claim 9 , wherein the step of storing the shares in respective separate storage locations comprises storing the shares on at least two separate storage devices. 12. The non-transitory computer readable medium of claim 9 , wherein the method further comprises the steps of: including in the plurality of shares data indicative of the integrity information. 13. The non-transitory computer readable medium of claim 9 , wherein the method further comprises the steps of: creating hash information based on a hash operation using the data set; and including in the plurality of shares data indicative of the hash information. 14. The non-transitory computer readable medium of claim 9 , wherein the step of including data indicative of the encryption key comprises: encrypting the transformed encryption key with a second key to produce an encrypted transformed encryption key; and including in the plurality of shares data indicative of the encrypted transformed encryption key. 15. The non-transitory computer readable medium of claim 14 further comprising the method step of storing the second key outside of the plurality of shares, wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares, and the second key. 16. The non-transitory computer readable medium of claim 9 wherein the all-or-nothing transform is a full-package transform. 17. A computer system for securing a data set, the system comprising: at least one processor; a non-transitory computer readable medium storing computer executable instructions that, when executed by the at least one processor, cause the computer system to carry out a method for securing a data set, the method comprising the steps of: encrypting the data set based on an encryption key to produce an encrypted data set; transforming the encryption key using an all-or-nothing transform to produce a transformed encryption key; generating data splitting information, wherein the data splitting information is usable to randomly or pseudo-randomly determine: into which of a plurality of shares of data a unit of data of the encrypted data set will be placed, and a position of the unit of data within its respective share of data; separating the encrypted data set into the plurality of shares based on the data splitting information; including in the plurality of shares data indicative of the transformed encryption key; and causing the plurality of shares to be stored in respective separate storage locations; wherein the data set is restorable by accessing less than all, but at least a threshold number of, the plurality of shares. 18. The system of claim 17 , wherein the step of separating the encrypted data into the plurality of shares comprises causing a plurality of data units of the encrypted data set to be rearranged relative to one another. 19. The system of claim 17 , wherein the separate storage locations are located on at least two separate storage devices. 20. The system of claim 17 , wherein the method further comprises the steps of: creating integrity information based on the data set; and including in the plurality of shares data indicative of the integrity information. 21. The system of claim 17 , wherein the method further comprises the steps of: creating hash information based on a hash operation using the data set; and including in the plurality of shares data indicative of the hash information. 22. The system of claim 17 , wherein the ste

Assignees

Inventors

Classifications

H04L63/0823
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
H04L9/3263
involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title
H04L63/04
for providing a confidential data exchange among entities communicating through data packet networks · CPC title
G06F17/30312
Physics · mapped topic
G06F21/606Primary
by securing the transmission between two devices or processes · CPC title

Patent family

Related publications grouped by family.

View patent family 35912925

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9935923B2 cover?: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to pr…
Who is the assignee on this patent?: Ohare Mark S, Orsini Rick L, Davenport Roger S, and 2 more
What technology area does this patent fall under?: Primary CPC classification G06F21/606. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Apr 03 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).